AMENDMENTS TO THE SPECIFICATION 

Please replace the paragraph beginning on page 1, Une 4, with the following rewritten 
paragraph: 

This application claims priority to U.S. Provisional Pat e nt Application No. 60/1 4 3,821 
e ntitl e d SYSTEM AbiD METHOD FOR COMPUTER SECURITY filed July 1 1, 1999 which is 
|V incorporat e d h e r e in by ref e r e nc e for all purpos e s, and U.S. Provisional Patent Application No. 

60/151,531 entitled SYSTEM AND METHOD FOR PROVIDING COMPUTER SECURITY 
filed August 30, 1999 which is incorporated herein by reference for all purposes. 

Please replace th^aragraph beginning on page 1, line 10, with the following rewritten 
paragraph: 

This application is related to co-pending U. S. Patent Application No. 09/615,961 
(Attorney Docket No. RECOP006) entitled SYSTEM AND METHOD FOR 



0 



PROTECTING A COMPUTER NETWORK AGAINST DENIAL OF SERVICE ATTACKS 
filed concurrently herewith, which is incorporated herein by reference for all purposes; and co- 
pending U. S. Patent Application No. 09/615.888 (Attorn e y Docket No. 
RECOP009) entitled SYSTEM AND METHOD FOR DYNAMICALLY CHANGING A 
COMPUTER PORT OR ADDRESS filed concurrently herewith, which is incorporated herein by 
reference for all purposes; and co-pending U. S. Patent Application No. 09/616,803 
(Attorney Docket No. RECOPOlO) entitled SYSTEM AND METHOD FOR QUICKLY 
AUTHENTICATING MESSSAGES USING SEQUENCE NUMBERS filed concurrently 
herewith, which is incorporated herein by reference for all purposes. 




Please replace the paragraph beginning on page 12, line 11, with the following rewritten 
paragraph: 
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In the example illustrated in Figure 1, the edge router 1 16 is connected to core router 
120a which cor e router is located in the same physical location 1 14 as the edge router 116. It is 
also possible for edge router 1 16 to connect to a core router that is located in a different physical 
location than the core router 120a. It is also possible in certain networks for the edge router to 
also serve as the core router and to directly permit connections between network elements served 
by the router and extemal networks such as the Intemet. This disclosure is applicable equally to 
networks configured in the manner described above as well as to other variations and 
configurations known in the art. 

Please replapelthe paragraph beginning on page 27, line 5, with the following rewritten 
paragraph: 



In this manner, multiple copies of the same suspicious message, such as may be the case 
with events A, B, and C in the queue associated with row 0 and column 1, could not successfully 
be used by an attacker to mask fi"om detection a potentially more threatening suspicious message, 
such as one associated with event F in the queue associated with row 0, colunm 4, by requiring 
the system to process multiple copies of the same message before being able to process the more 
threatening message. Because of the way in which the row and column addresses are calculated, 
multiple copies of the same message would be placed in the same queue because the hash of the 
total message and the hash of the destination address would be the same for each message. 
Similarly, different messages sent to the same destination may appear in different columns, but 
would be in the same row, because they would have the same destination address, which 
determines the row address. For example, in the example shown in Figure 6, event A, B, and C 
may be the same message, and event F may be a different message sent to the same destination. 
On[[c]]e strategy that an attacker might attempt would be to send massive numbers of copies of a 
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suspicious but relatively innocuous message in the hope of overloading the security systems in 
place on the target network and then to send a more potentially dangerous message to the same 
destination with the hope that the more dangerous message would escape detection and analysis 
by the by then overloaded security systems. The approach described above would prevent such a 
strategy from being successful because only the first message of the series of identical messages 
would be analyzed before a message from other queues would be sent to the analysis framework 
for analysis. 
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